Credit Card Exposure Analyzer
Configuration Name: CCExposure
Description
The CCExposure analyzer reports when an operation exposes a credit card number.
A finding is reported when a response contains a string value that matches global credit card number formats.
Faults Reported
Fault Identifier | Title | Summary | Solution | Severity |
---|---|---|---|---|
CWE-213 | Exposure of Sensitive Information | Application response contains a credit card number, which may or may not be intended. | Complete credit card numbers should not be returned in a response. Use a masked number to identify a credit card to a user. Verify that the operation has proper access control such that a user cannot access another user's personal information. | low |